Archive for September, 2017

(credit: Koichi Taniguchi ) There’s a vulnerability in High Sierra and earlier versions of macOS that allows rogue applications to steal plaintext passwords stored in the Mac keychain, a security researcher said Monday. That’s the same day the widely anticipated update was released. The Mac keychain is a digital vault of sorts that stores passwords and cryptographic keys. Apple engineers have designed it so that installed applications can’t access its contents without the user entering a master password. A weakness in the keychain, however, allows rogue apps to steal every plaintext password it stores with no password required. Patrick Wardle, a former National Security Agency hacker who now works for security firm Synack, posted a video demonstration here . The video shows a Mac virtual machine running High Sierra as it installs an app. Once the app is installed, the video shows an attacker on a remote server running the Netcat networking utility . When the attacker clicks “exfil keychain” button, the app surreptitiously exfiltrates all the passwords stored in the keychain and uploads them to the server. The theft requires no user interaction beyond the initial installation of the rogue app, and neither the app nor macOS provides any warning or seeks permission. Read 4 remaining paragraphs | Comments

MacOS High Sierra was never meant to be truly transformative. As we covered in our preview of Apple’s new desktop OS , it’s mostly focused on refining its predecessor, last year’s Sierra . At the same time, it also lays the groundwork for bigger changes down the line. Since there’s not much you’ll actually notice, and barely anything has changed since we published our extensive preview, we won’t be doing a full review of the new OS. But with High Sierra officially launching today , it’s worth highlighting the handful of notable features. A better Safari Apple claims that Safari 11 in High Sierra is the world’s fastest web browser. My testing with the JetStream benchmark confirmed that it was faster than both Chrome and Firefox on my MacBook Air. Safari clocked in with a score of 176.8, while the other two browsers came in around 129 (and yes, higher is better). Even so, I still found myself relying on the other browsers most of the time. Some of Google’s services, like Hangouts, only work on Chrome. And Firefox is typically the browser I use for dealing with anything related to work (it’s helpful having two browsers open at once for managing multiple Google accounts). While Safari tended to load some sites faster, that wasn’t enough to make me switch over. As for other tweaks, Safari 11 mutes auto-playing web videos by default, which should help bring some peace as more sites push unwanted video on their readers. You can also enable the cleaner “Reader” mode automatically for specific sites, or have it automatically turn on for every website that supports the feature. That’s something you can only do with Chrome through settings hacks, or by installing third-party extensions. Apple also claims Safari will let you browse the web for two hours longer than the other two browsers, as well as watch Netflix for four hours longer. Photos upgrades As we covered in our preview piece, the Photos app got a slew of tweaks. But after testing the OS for the past few months, I ended up appreciating the new Live Photos capabilities the most. Just like in iOS 11, you can now turn Live Photos into short animated clips that resemble GIFs. You can choose from Loop, which just repeats the clip; Bounce, which moves it back and forth in time; and Long Exposure, a unique effect that mimics the dreamy photos you can get by manipulating exposure settings on bigger cameras. They’re not groundbreaking effects, but they finally make Live Photos seem useful, rather than a waste of space. All of other Photos upgrades from iOS 11 also show up in High Sierra. That includes smarter people recognition (which can sync across all of your iCloud-connected devices), more automatic Memories options, and a wider assortment of photo filters. Another helpful upgrade: Third-party companies can now create extensions for Photos, which allows you to do things like prepare photo books without leaving the app. VR support Thanks to Metal 2, Apple’s updated graphics API, MacOS can finally handle virtual reality. Right now, it’s limited to the HTC Vive using SteamVR — sorry, Oculus Rift fans. And, just like with typical games, not every title supports Macs yet. Sure, it’s very much early days for VR on Macs, but at least it’s possible now with High Sierra. We didn’t have any beefy Macs to test out the OS’s VR capabilities, unfortunately. As we’ve noted before, figuring out which Macs can actually support VR is surprisingly confusing. But at least High Sierra also brings support for external GPU docks, which means you can conceivably upgrade any Thunderbolt-equipped Mac with faster graphics capabilities. Metal 2 should also make High Sierra more efficient at rendering windows and typical UI elements, especially if you have a decent dedicated GPU. I didn’t notice much of a difference on my 2014 MacBook Air as I tested the new OS over the past few months. Wrapping up A few other points worth noting: Apple made a big deal about its upgraded Apple File System when it first announced High Sierra, but I didn’t notice much of a difference as I was testing the OS. Surprisingly, the company also dropped support for APFS on hybrid Fusion drives — at this point it only works on SSDs. Siri brings over its improved voice and DJ abilities that we first saw in iOS 11. You can now check on your airline flight status right from the Spotlight search bar. We always knew High Sierra was going to be an iterative update for Apple, but I’m surprised by how few visible changes there are. It’s tough to tell you’ve even upgraded from Sierra unless you peek at your system’s settings. Together with a similarly humdrum iOS 11 update (unless you’re on an iPad), it seems like Apple was more focused on its new hardware this year than its software.

Netflix’s in-flight streaming is available through a few carriers around the world, but it’s far from a staple of air travel. More often than not, technological limitations will force you to download that new show before you leave home. It could be far more common going forward, though. Netflix is launching an initiative that will use its mobile device encoding technology to make Netflix accessible on aircraft that don’t always have the luxury of fast satellite internet access . As you might have already surmised, mobile encoding uses far less bandwidth than what you get on the desktop. A “DVD quality” stream uses just 250Kbps, for instance. You won’t confuse that with a 4K HDR stream at home, but it’s good enough for a seat-back display or a tablet. And importantly, it won’t clog an aircraft’s WiFi network. You’d still need a reasonably fast connection to serve a large volume of passengers, but it beats having to limit access to just a few people or none at all. Partnerships with airlines should kick off sometime in early 2018. Netflix isn’t naming specific allies, but it’s safe to say that this opens the door to carriers that couldn’t even consider the idea before. The big question is whether or not it’ll work as well in practice as it does in theory. This could be great for avoiding the mediocre movie and TV selections you frequently find on airlines, but it won’t help much if it renders airborne WiFi unusable the moment there’s a new Stranger Things season .

An anonymous reader quotes a report from CNBC: Instagram said Monday that it’s added another 100 million monthly users. That brings the photo-sharing app to 800 million monthly active users, up from 700 million in April, according to Carolyn Everson, vice president of global marketing solutions at Facebook, who spoke at an Advertising Week event in New York City. Five hundred million of those are daily active users, the company said. That means that Instagram is still ahead of rival Snap in terms of users, based on Snap’s last report. Snap said in August that it had 173 million daily active users. Time spent watching video on Instagram is up more than 80 percent year over year, the company also said on Monday, and four times as many videos are being produced every day on Instagram compared with a year ago. Read more of this story at Slashdot.

theodp writes: In a slick new video, segments of which were apparently filmed looking out from Google’s Chicago headquarters giving it a nice high-tech vibe, Chicago Public Schools’ CS4ALL staffers not-too-surprisingly argue that creating technology is “a power that everyone needs to have.” In the video, the Director of Computer Science and IT Education for the nation’s third largest school district offers a take on why U.S. IT jobs were offshored that jibes nicely with the city’s new computer science high school graduation requirement. From the transcript: “People still talk about it’s all offshored, it’s all in India and you know, there are some things that are there but they don’t even realize some of the reasons that they went there in the first place is because we weren’t making our own.” Read more of this story at Slashdot.

Intel has launched its 8th-generation mainstream desktop chips, calling the flagship $359 Core i7-8700K its “best gaming desktop processor ever.” The six-core, 12-thread 3.7GHz chipboosts Gears of War 4 frame rates up to 25 percent compared to 7th-gen desktop chips . It can also do 4K video editing up to 32 percent faster. The best gains are with multitasking, as Intel says gaming, streaming and recording with Player Unknown: Battlegrounds will be 45 percent fast than before. What’s more, it can be overclocked to 4.7 GHz using Intel’s Turbo Boost 2.0, and 5GHz and higher speeds are easily achieved with air or basic liquid cooling. The speed gains are even more impressive if your system is over three years old, but probably won’t push many folks with 7th-gen Intel chips into upgrading. For multimedia, it’s worth noting that Intel has implemented some new 4K tech, which will make for smoother streaming of 10-bit, HDR Ultra HD video now on services services like Netflix and many new 4K TVs. The 8th-gen Core i5 and Core i3 chips in the lineup might be more interesting for consumers. The Core i3 chips start at $117 and have quad-cores and base clock speeds up to 4 GHz, while the Core i5 models, starting at $182, are six-core units. Neither are multi-threaded, but four physical cores and four threads is a lot better than two cores and four threads, which is what the i3 lineup had before. If you have Intel’s 7th-gen Core i7 chip and want to upgrade to get every ounce of gaming or graphics speed, it’s not as simple as a chip swap. The new CPUs will require Intel’s Z370 chipset-based motherboards, so they’re not at all compatible with whatever model you have right now. That chipset has a few advantages over the last gen, like improved power delivery for 6-core chips and better support for DDR4-2666 memory, but nothing dramatic. Some pundits have noted that Intel could have made them compatible with older motherboards, but elected not to . Intel is also touting its Optane storage for gamers, but as we’ve mentioned , this won’t help you much if you already have an SSD, and not at all if you have M.2 PCIe-based storage. The mainstream 8th-gen desktop chips are a bit less interesting than the 8th-gen laptop CPUs, which offered more performance than expected , Meanwhile, Intel recently unveiled the 7th-gen X-series i9 chips, which rocked up to 18 cores , dramatically boosting performance over the top-spec 10-core i7-6950X previous-gen models. The new eighth-gen desktop chips will arrive starting on October 5th, and as mentioned, the flagship Intel Core i7-8700K will cost you $359. Source: Intel

Last year, we reported that Microsoft and Facebook were teaming up to build a massive undersea cable that would cross the Atlantic , connecting Virginia Beach to the northern city of Bilbao in Spain. Last week, Microsoft announced that the cable, called Marea, is complete. Marea, which means “tide” in Spanish, lies over 17, 000 feet below the Atlantic Ocean’s surface and is around 4, 000 miles long. It weighs 10.25 million pounds. The data rates (which let’s face it, that’s what we’re all really interested in) are equally staggering: Marea can transmit at a rate of 160 TB/second. And it was finished in less than two years. What’s really interesting about Marea, though, is that it has an open design. This means that Microsoft and Facebook are trying to make the cable as future proof as possible. It can evolve as technology changes and demands increase for more data and higher speeds. Its flexibility means that upgrading the cable and its equipment to be compatible with newer technology will be easier. If you’re interested in learning more about Marea, you can watch the recorded livestream of a celebration of the cable that happened last Friday. It’s nice to see tech companies working together, and on big projects that will help them meet future demands for Internet usage. Source: Microsoft

Paul McNeil just published his comprehensive typographical overview, The Visual History of Type . To celebrate, he also published a list of his six favorite faces for It’s Nice That, starting with the first compact italic: The Aldine Italic / Griffo’s Italic / 1501 Few typefaces have had as great an influence on Western culture as Francesco Griffo’s Italic. At the end of the 15th century, when most books were large and heavy, Aldus Manutius commissioned Griffo to cut this compact, inclined letterform. Easily legible at small sizes, the Aldine Italic permitted the production of small, affordable, portable books suited to the requirements of an educated, mobile class of literate individuals. Over the next three centuries, the practice of publishing changed everything. By allowing texts to be reliably reproduced and disseminated in an almost limitless time frame, it triggered new ideas that profoundly challenged all forms of institutional control, leading to dramatic religious reforms, radical socio-political changes, and to the scientific worldview that initiated the modern era. • The Visual History of Type (via It’s Nice That ) Image via ilovetypography.com

An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140, 000 users, contains an embedded JavaScript library in the extension’s code that mines for the Monero cryptocurrency using users’ computers and without getting their consent. The additional code drives CPU usage through the roof, making users’ computers sluggish and hard to use. Looking at the SafeBrowse extension’s source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension’s author claims he was “hacked” and the code added without his knowledge. Read more of this story at Slashdot.